Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'RageMP131' = '%LOCALAPPDATA%\RageMP131\RageMP131.exe'
- <SYSTEM32>\tasks\mpgph131 hr
- <SYSTEM32>\tasks\mpgph131 lg
- %TEMP%\f59e91f8
- %LOCALAPPDATA%\ragemp131\ragemp131.exe
- %ALLUSERSPROFILE%\mpgph131\mpgph131.exe
- %TEMP%\rage131mp.tmp
- '14#.#5.47.126':58709
- 'ip##fo.io':443
- 'db##p.com':443
- 'pk#.goog':80
- 'ma##ind.com':80
- http://pk#.goog/gsr1/gsr1.crt
- http://www.ma##ind.com/geoip/v2.1/city/me
- '14#.#5.47.126':58709
- 'ip##fo.io':443
- 'db##p.com':443
- DNS ASK ip##fo.io
- DNS ASK db##p.com
- DNS ASK pk#.goog
- DNS ASK ma##ind.com
- '%WINDIR%\syswow64\schtasks.exe' /create /f /RU "user" /tr "%ALLUSERSPROFILE%\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
- '%WINDIR%\syswow64\schtasks.exe' /create /f /RU "user" /tr "%ALLUSERSPROFILE%\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST